From 550f7878bf509cc825726e6d95506e62857d48c9 Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg
Date: Mon, 26 Oct 2020 23:48:36 +0100
Subject: tested certificate chain code path further

Added more documentation and quick helper scripts for now. We need to specify which signature schemes we expect/support from submitters.

---
 server/testdata/entry/README.md | 21 ++++++++++
 server/testdata/entry/main.go | 46 ++++++++++++++++++++++
 server/testdata/entry/stitem/foobar-0.0.1 | Bin 0 -> 48 bytes
 server/testdata/entry/stitem/foobar-0.0.1.b64 | 1 +
 server/testdata/entry/stitem/foobar-0.0.1.sig | 3 ++
 server/testdata/entry/stitem/foobar-0.0.1.sig.b64 | 1 +
 6 files changed, 72 insertions(+)
 create mode 100644 server/testdata/entry/README.md
 create mode 100644 server/testdata/entry/main.go
 create mode 100644 server/testdata/entry/stitem/foobar-0.0.1
 create mode 100644 server/testdata/entry/stitem/foobar-0.0.1.b64
 create mode 100644 server/testdata/entry/stitem/foobar-0.0.1.sig
 create mode 100644 server/testdata/entry/stitem/foobar-0.0.1.sig.b64
(limited to 'server/testdata/entry')
diff --git a/server/testdata/entry/README.md b/server/testdata/entry/README.md
new file mode 100644
index 0000000..0d26ca3
--- /dev/null
+++ b/server/testdata/entry/README.md
@@ -0,0 +1,21 @@
+# Create `item` and `signature` for the add-entry endpoint
+
+## Create a serialized `checksum_v1` entry
+The following creates a serialized `checksum_v1` StItem, such that the package
+name is `foobar-0.0.1` and the checksum `SHA256(foobar-0.0.1)`. The result is
+stored in the `stitem` directory as `foobar-0.0.1`.
+```
+$ go run . --logtostderr --name foobar-0.0.1 --dir stitem
+```
+
+## Sign the generated file using an end-entity certificate
+Let's use our ECDSA end-entity certificate using SHA256 as the hash function.
+```
+$ openssl dgst -sha256 -sign "../chain/rgdd-ecdsa.key" -out stitem/foobar-0.0.1.sig stitem/foobar-0.0.1
+```
+
+## Encode the resulting StItem and its signature as base-64
+```
+$ openssl base64 -A -in stitem/foobar-0.0.1 -out stitem/foobar-0.0.1.b64
+$ openssl base64 -A -in stitem/foobar-0.0.1.sig -out stitem/foobar-0.0.1.sig.b64
+```
diff --git a/server/testdata/entry/main.go b/server/testdata/entry/main.go
new file mode 100644
index 0000000..a849c50
--- /dev/null
+++ b/server/testdata/entry/main.go
@@ -0,0 +1,46 @@
+package main
+
+import (
+ "flag"
+ "os"
+
+ "crypto/sha256"
+ "io/ioutil"
+
+ "github.com/golang/glog"
+ "github.com/google/certificate-transparency-go/tls"
+ "github.com/system-transparency/stfe"
+)
+
+var (
+ name = flag.String("name", "foobar-1.2.3", "a package identifier")
+ dir = flag.String("dir", "stitem", "directory path where output is stored")
+)
+
+func main() {
+ flag.Parse()
+
+ // Use H(name) as a dummy checksum
+ hasher := sha256.New()
+ hasher.Write([]byte(*name))
+ checksum := hasher.Sum(nil)
+
+ // Create and serialize an StItem of type checksum_v1
+ item := stfe.NewChecksumV1([]byte(*name), checksum)
+ serialized, err := tls.Marshal(item)
+ if err != nil {
+ glog.Fatalf("tls marshal failed: %v", err)
+ }
+
+ // Store the serialized item in *dir/name
+ if err := os.MkdirAll(*dir, 0755); err != nil {
+ glog.Fatalf("creating directory %s failed: %v", *dir, err)
+ }
+ path := *dir + "/" + *name
+ if err := ioutil.WriteFile(path, serialized, 0644); err != nil {
+ glog.Fatalf("writing to %s failed: %v", path, err)
+ }
+
+ glog.Infof("Created serialized checksum_v1 StItem: %s", path)
+ glog.Flush()
+}
diff --git a/server/testdata/entry/stitem/foobar-0.0.1 b/server/testdata/entry/stitem/foobar-0.0.1
new file mode 100644
index 0000000..c667a36
Binary files /dev/null and b/server/testdata/entry/stitem/foobar-0.0.1 differ
diff --git a/server/testdata/entry/stitem/foobar-0.0.1.b64 b/server/testdata/entry/stitem/foobar-0.0.1.b64
new file mode 100644
index 0000000..be3c14e
--- /dev/null
+++ b/server/testdata/entry/stitem/foobar-0.0.1.b64
@@ -0,0 +1 @@
+AAUMZm9vYmFyLTAuMC4xIHGVn/IR9o8GWqaDg88B65mgmWaY4+5EvQD12+c6/zgQ
\ No newline at end of file
diff --git a/server/testdata/entry/stitem/foobar-0.0.1.sig b/server/testdata/entry/stitem/foobar-0.0.1.sig
new file mode 100644
index 0000000..12062a4
--- /dev/null
+++ b/server/testdata/entry/stitem/foobar-0.0.1.sig
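Review bot: `path := *dir + "/" + *name` in main builds the output path by string concatenation and reuses the package name as the file name without any check, so a `--name` value containing a path separator or `..` ends up writing outside `--dir`; prefer `path := filepath.Join(*dir, *name)` and reject such names before the MkdirAll with `if filepath.Base(*name) != *name { glog.Fatalf("package name %q must be a bare file name", *name) }` (adds `path/filepath` to the import block). The three-line hashing block could also be condensed to `checksum := sha256.Sum256([]byte(*name))` with `checksum[:]` passed to stfe.NewChecksumV1, which removes the unchecked hasher.Write call. A short comment on the `name` flag saying that it serves both as the checksum input and as the output file name under `--dir` would make the layout the README relies on explicit in the code.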
@@ -0,0 +1,3 @@ +Kqx0||:YnYwڳQL1MV f7 h,##Pq)fZ<6JǗ;59h.'FLBW<:qJg^(>X i<Í=D]U. n7#T?UuΖW:BY'牛 *j:Bj]ȍE:.>Fg᭻ǰ 9=>`*|R Ǔ"{*ΠqÛF>27fSGzms`D=ч]S%$.lc_GHXbsB!=mLg?eJt6c[ΧD7nEdlRzV֔^9al%8H e +x&L +}-~,?Mz}Ni^˫,0)pz"w p'"!Z.xCc` ]Eb \ No newline at end of file diff --git a/server/testdata/entry/stitem/foobar-0.0.1.sig.b64 b/server/testdata/entry/stitem/foobar-0.0.1.sig.b64 new file mode 100644 index 0000000..d31c0d3 --- /dev/null +++ b/server/testdata/entry/stitem/foobar-0.0.1.sig.b64 @@ -0,0 +1 @@ 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 \ No newline at end of file -- cgit v1.2.3